Indictments and Stolen Passwords: What They Mean for Security

Last week, I attended the 2014 Computer Enterprise Investigations Conference (CEIC), where I got to talk to some very interesting people and sit in on some fascinating sessions. Two of the mornings of my trip, I was awoken by the breaking news alert tone on my phone. First was the news of the indictment of Chinese hackers and the next was the news of the eBay data breach. It was interesting to be surrounded by security professionals while such big cybersecurity news happened.

Not surprisingly, the Chinese hacker story generated a lot more conversation than the eBay data breach. In fact, there seemed to be a “new breach, different day” attitude about the eBay event. That’s not to say that the news wasn’t important, but I felt a definite “when will companies learn” vibe. Data breaches like the one that hit eBay (or Target, which was brought up a lot over the week) will remain a problem until enterprises get a better handle on corporate security. As Jon Oltsik, senior principal analyst with the Enterprise Strategy Group, pointed out in one of the sessions I attended, organizations are still using old security tools, don’t have enough skilled security staff, and are more focused on putting out security fires than on preventing them. At the same time, the bad guys are pulling way ahead in both skills and technology. To paraphrase the comic strip character Pogo, when it comes to cybersecurity, the enemy is us.

Unless the enemy is Chinese hackers. And as I said, that breaking news generated a lot of conversation at CEIC. Cyber espionage is on the rise. As Joel Brenner, former head of U.S. counterintelligence under the Director of National Intelligence and former NSA Inspector General, stated in his keynote address, we’re seeing a serious rise in attacks on industries like mining, manufacturing and transportation, and on a national security level, it is disconcerting.

I had a chance to talk to Brenner after his keynote speech, and I asked him specifically about the indictments. He agreed with the assessments of others I spoke with, that the indictments will likely never result in an arrest or trial, as there is little chance these men will ever come to the United States. However, he does believe there will be some retaliation that will likely be more along economic lines, as we are seeing with the Chinese ban of Windows 8 on government computers.

There is a delicate balance with China, Brenner told me. Our relationship with them is economic, and that includes the cybersecurity issues. They aren’t an enemy like the old Soviet Union. Will these indictments create hostilities and lead to trade sanctions? Only time will tell how this will all play out.

Sounds like an interesting conference, Sue, thanks for sharing!
It's scary that such reputable companies have been seen to have had so little regard for the security of their customers' data. Having previously been involved with the online payment industry and seen the rigour with which PCI compliance is applied and adhered to, I think an industry standard for non-payment related data is a logical next step.
In the meantime, how can businesses protect themselves from the damage done by hacked (or misplaced) shared passwords? One tip would be to use a password manager, like Passpack, Lastpass or my very own Pocketvault, to make it quick and easy to store, share and edit passwords for important shared accounts. That way, if you hear one of your business critical services has been hacked, your admin can change the password in seconds, without disrupting team member's access to the service.
I predict that someone will soon develop an authentication technology that kills the password (here's hoping!), perhaps using a combination of voice and facial recognition. But, until then, we're stuck with the password and we have to f
